Fortinet

Fortinet FortiGate Review
Virtual domains are treated as separate firewall instances.

409
3

Valuable Features:

You can create multiple virtual domains (VDOMs) which are treated as separate firewall instances. The reporting you get out of this appliance is excellent and you don't need an external management system.

Improvements to My Organization:

There is no need to buy physical firewall hardware when you are hosting multiple customers requiring individual secure access to their FW. You just create virtual domains (VDOMs).

Room for Improvement:

Fortinet policies are built between zones or interface to interface. This can result duplicates being installed without warnings, resulting in policy auditing issues. Another issue is that Fortigate does not support Netflow, only sFlow is supported.

Use of Solution:

I have used it for two years.

Deployment Issues:

They are pretty much easy to deploy and figure out when you have experience with other security appliances. If you can configure a Cisco ASA, then it will be a walk in the park for you.

One issue which I had to get used to (and was a pain if you miss it) is that with FortiGate, you must have a firewall policy for all traffic passing between interfaces. With Cisco ASA, you only need a policy for traffic moving from lower to higher security-level interfaces.

Stability Issues:

These devices are very stable.

Scalability Issues:

They are easily scalable, with multiple built-in interfaces. It supports a minimum of 10 VDOMs. VDOM supports all dynamic routing protocols like RIP, OSPF, BGP, and IS-IS. You don't need to reboot after enabling VDOMs.

The issue I have is that there is one big configuration file, with no separations for the unique VDOMs; maybe if they separate individual VDOM configuration files, with the root VDOM configuration file referencing the individual VDOM config files.

Customer Service:

Customer service is great, 8/10.

Technical Support:

I will give technical support 8/10.

Previous Solutions:

We previously used different solutions. We did not switch. There are different requirements for different customers

Initial Setup:

The user interface is relatively easy. They are pretty much easy to deploy and figure out when you have experience with other security appliances.

Implementation Team:

It was an in-house installation.

ROI:

ROI is great. These boxes are not that expensive compared to what they can do and what functionality and reporting you get.

Cost and Licensing Advice:

These boxes are not that expensive compared to what they can do and what functionality and reporting you get. Fortinet licensing is straightforward and less confusing compared to Cisco. Fortinet has 1 or 2 license types and VPN numbers are only limited by the hardware chassis make.

Other Solutions Considered:

I already have an experience with Cisco ASA, so it was simply a customer preference and it was well within the budget.

Other Advice:

Great appliances and affordable.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
1 visitor found this review helpful
Stuart berman li?1424880284

3 Comments

Anonymous avatar x30

Hi, have you configured next fw capabilities with https inspection in proxy mode?

Like (0)22 February 17
D68ef439 7564 4b1d 9651 313f125d72a1 avatar

Hi, there is a table in which lists FortiOS security profile features and shows whether they are available in flow-based or proxy-based inspection modes. You can access it at:

http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-whats-new-54/Top_ProxyFlowPerVDOM.htm

Like (0)23 February 17
B123053c 6c54 478b a6a0 53813aeae939 avatar
BeckyCommunity Mgr

Hi Simon - can you explain why you chose Fortinet over other solutions that you have used in the past? What are some of the main benefits of Fortinet vs the others?

Like (0)29 May 17
Anonymous avatar x30
Guest

Have A Question About Fortinet FortiGate?

Our experts can help. 209,588 professionals have used our research on 5,564 solutions.
Why do you like it?

Sign Up with Email