Fortinet FortiGate Review

Virtual domains are treated as separate firewall instances


How has it helped my organization?

There is no need to buy physical firewall hardware when you host multiple customers requiring individual secure access to their FW. You just create virtual domains (VDOMs).

What is most valuable?

You can create multiple Virtual Domains (VDOMs), which are treated as separate firewall instances. The reporting you receive out of this appliance is excellent. You will not need an external management system.

What needs improvement?

1. sFlow and NetFlow

I could not configure sFlow from the FortiGate graphical user interface. I realized that the sFlow configuration is available only from the CLI, and discovered that sFlow is not supported on virtual interfaces, such as VDOM links, IPsec, or GRE.

NetFlow is a network protocol developed by Cisco for collecting IP traffic information and monitoring network traffic. It is not supported on FortiGate for those who have a NetFlow analyzer/collector already set up in their network.

2. Policies

To control traffic in a firewall, you need to create and apply policies to the FW interfaces. By default, policies are sorted by FW interfaces and this makes FW interfaces an integral part of the policies. Zones provide the option to logically group multiple virtual and physical FortiGate firewall interfaces. Then, you apply security policies to those zones (logical groups of interfaces) to control traffic flow on those interfaces.

In a FortiGate unit with a lot of interfaces (including virtual interfaces), there is a high probability of having duplication of policies.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

These devices are very stable.

What do I think about the scalability of the solution?

They are easily scalable with multiple built-in interfaces. It supports a minimum of 10 VDOMs. VDOM supports all dynamic routing protocols like RIP, OSPF, BGP, and IS-IS. You do not need to reboot after enabling the VDOMs.

Area for improvement - there is one big configuration file with no separations for the unique VDOMs. Maybe they could separate individual VDOM configuration files with the root VDOM configuration file referencing the individual VDOM config files.

How is customer service and technical support?

Customer Service:

Customer service is great, an eight out of 10.

Technical Support:

I will give technical support an eight out of 10.

Which solutions did we use previously?

We previously used different solutions as well. We did not switch; we have different requirements for different customers.

How was the initial setup?

The user interface is relatively easy. The devices are easy to deploy and figure out if you have experience with other security appliances.

What about the implementation team?

It was an in-house installation.

What was our ROI?

The ROI is great. These boxes are not that expensive compared to what they can do, their functionality, and the reporting you receive.

What's my experience with pricing, setup cost, and licensing?

Fortinet licensing is straightforward and less confusing compared to Cisco. Fortinet has one or two license types, and the VPN numbers are only limited by the hardware chassis make.

Which other solutions did I evaluate?

I already have experience with Cisco ASA, so it was simply a customer preference and well within the budget.

What other advice do I have?

Great appliances, and it is affordable.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
4 Comments
PatrikS, User

Hi, have you configured next fw capabilities with https inspection in proxy mode?

22 February 17
Simon Chaba, Real User

Hi, there is a table that lists FortiOS security profile features and shows whether they are available in flow-based or proxy-based inspection modes. You can access it at:

http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-whats-new-54/Top_ProxyFlowPerVDOM.htm

23 February 17
Becky, Community Mgr

Hi Simon - can you explain why you chose Fortinet over other solutions that you have used in the past? What are some of the main benefits of Fortinet vs the others?

29 May 17
Simon Chaba, Real User

Hi Becky. I chose FortiGate mainly because it provides the capabilities to provide logically separate firewall instances to multiple customers. These logical firewalls are known as VDOMs. I have partitioned the physical FW devices into multiple logical units, thus saving costs.

10 June 17