Fortinet

Fortinet FortiGate Review
The UTM (application control) features have solved many issues that other firewall providers cannot, such as Google suite blocking and allowing.


Valuable Features:

The UTM (application control) features have been very important, because they have solved many issues that other firewall providers have not developed as Fortinet has.

A clear example of this feature's advantages is blocking and allowing the Google suite. For example, without UTM, we would not have been able to execute some customer requirements like this one:

A customer told us that some host on their LAN was going to be assigned as a POS workstation. They needed that workstation to have permissions for some applications and some URLs, and they needed to block users from opening sites like YouTube, Google+, and Google Drive, but they needed to reach some POS URLs hosted in the Google cloud. We were working with rules allowing some specified URLs, but it didn’t work because the IP subnet the customer needed to be allowed sometimes matched the YouTube service. Google support engineers told us they rotate their IP addressing subnets to be more secure and they do not always attach an IP address to a domain name. So, sometimes the customer’s workstations were able to open YouTube sites too.

The way we could block YouTube and allow the customer's POS URL sites was by configuring an application control sensor, where we were able to block some categories like this:

Another requirement was to allow some specified applications, so we configured the following sensor structure:

Another customer reported to us that they had issues working with Gmail attachment files; they could not do it. By running some packet captures and with the help of Fortinet TAC, we found they were using the latest Chrome versions that use the QUIC Google protocol, which is not supported by Fortinet because it is not a valid protocol. We proceeded to block the QUIC protocol using an application control sensor.

After this blocking action, the customer was able to work without any issue.

Improvements to My Organization:

It can block applications in level 7.

Even though other companies have latest-generation firewalls, FortiGate’s database is bigger.

Room for Improvement:

They could improve performance with all the UTM features working.

Sometimes, we have seen that when you enable the antivirus sensor, customers report slow web browsing. We know this is normal, but we would like to know if it is possible to make the customer feel their web browsing is fast, without as much delay. The antivirus sensor analyzes all the protocols and packets we specified, and this has a significant performance impact. From my personal point of view, I don’t think it is a serious issue, but we receive many reports from users who browse the web with antivirus sensors applied to their firewall policies.

Use of Solution:

I have been using it for seven years.

It is working in route mode, with all UTM licences active; it has FSSO configured to give permission to the users. It is configured to provide VPN SSL service.

Stability Issues:

I have encountered stability issues only when we enable all the UTM features.

Scalability Issues:

I have not encountered any scalability issues.

Technical Support:

Technical support is 9/10.

Previous Solutions:

We have been using FortiGate solutions for eight years. We have been upgrading when solutions in the family become unsupported.

Initial Setup:

The initial setup is easy; no issues with doing it.

Other Solutions Considered:

My company did not evaluate other options. They decided to purchase FortiGate directly.

Other Advice:

Work a lot with all of the UTM features because they can be very helpful right now with configuring firewall policies. The policies became very whole.

Disclosure: My company has a business relationship with this vendor other than being a customer: My company is a Fortinet provider for Mexico.

8 Comments

Renato Pereira (Real User)

Hi Roberto,

As a Fortinet Partner, I think that your project was not well dimensioned for your amount of users, kind of traffic and features to implement. This is the best solution.

I would appreciate it if you could share the model and users/sites involved.

If you need some help, please feel free to stay in touch.

21 September 16

Still confused about which one is the better firewall solution, i.e. Checkpoint or Fortigate.

21 September 16

Noorulla Khan (Real User)

What is your recommendation about Cyberoam 100ING?

21 September 16

Never heard of this product. What is the technology background for this?

21 September 16

Hamza_Farhan (Real User)

**Sizing is ALWAYS an issue for many people, even for Sales Engineers / System Engineers. The number of users is not always the baseline when selecting the best model, because you have other services running on your network and other factors that you need to take into consideration, such as whether you have IPSec VPN or not, SSL VPN users, WiFi users, etc.

**You need to use some tools to collect info about ingress/egress bandwidth to get a general idea about your network throughput. Otherwise, you might have some performance issues, and after working with TAC they will end up telling you that the unit in place is not able to handle such traffic.
**No matter if you are talking about ASIC-based or multi-processor UTM, the moment you enable all UTM features, the throughput becomes around 50% of overall throughput.

**Checkpoint vs. Fortigate:

-Price wise, CP is way expensive compared to Fortigate
-Both share the majority of features
-Troubleshooting issues with CP is complex and I don’t like the complexity of the product because it makes it hard to troubleshoot

21 September 16

A couple of points to keep in mind. The throughput numbers for Fortigate are pretty much fiction. This isn't insurmountable if you size it right up front. A 600C is rated at 1.3GB throughput with everything enabled but in reality fails almost constantly at 500Mb. Also, Fortigates fail open, so when the box is overloaded all traffic is passed and nothing is inspected... not ideal if security is your priority. On the other hand, Checkpoint and Fortigate are not in the same league in terms of cost either, so I'm not sure they are really direct competitors, and Checkpoint has its problems as well, such as needing a 370Mb thick client to properly manage the firewalls (yes, there are some web management options, but it isn't everything you need to do; at least it wasn't at the end of 2015).

21 September 16

Roberto:
Have you tried or evaluated Watchguard? I have tested both devices with all UTM functions enabled, and with WG I have not found any stability problem or delay with everything enabled, even when exceeding the number of users recommended by the manufacturer. With my clients I always "lend" them both devices so that they can evaluate for themselves, and in 90% of cases they stay with WG, for various reasons that I do not consider pertinent to discuss in this space.

Regards.

21 September 16

Orlee Gillis (Community Mgr)

Hamza, I think you may find our product comparison between Checkpoint and Fortigate interesting:

https://www.itcentralstation.com/products/comparisons/check-point-utm-1_vs_fortinet-fortigate

28 September 16