Fortinet FortiGate Review
Virtual domains are treated as separate firewall instances


Improvements to My Organization

There is no need to buy physical firewall hardware when you host multiple customers requiring individual secure access to their FW. You just create virtual domains (VDOMs).

Valuable Features

You can create multiple Virtual Domains (VDOMs), which are treated as separate firewall instances. The reporting you receive out of this appliance is excellent. You will not need an external management system.

Room for Improvement

1. sFlow and NetFlow

I could not configure sFlow from the FortiGate graphical user interface. I realized that the sFlow configuration is available only from the CLI, and discovered that sFlow is not supported on virtual interfaces, such as VDOM links, IPsec, or GRE.

NetFlow is a network protocol developed by Cisco for collecting IP traffic information and monitoring network traffic. It is not supported on FortiGate for those who have a NetFlow analyzer/collector already set up in their network.

2. Policies

To control traffic in a firewall, you need to create and apply policies to the FW interfaces. By default, policies are sorted by FW interfaces and this makes FW interfaces an integral part of the policies. Zones provide the option to logically group multiple virtual and physical FortiGate firewall interfaces. Then, you apply security policies to those zones (logical groups of interfaces) to control traffic flow on those interfaces.

In a FortiGate unit with a lot of interfaces (including virtual interfaces), there is a high probability of having duplication of policies.

Use of Solution

Three to five years.

Stability Issues

These devices are very stable.

Scalability Issues

They are easily scalable with multiple built-in interfaces. It supports a minimum of 10 VDOMs. VDOM supports all dynamic routing protocols like RIP, OSPF, BGP, and IS-IS. You do not need to reboot after enabling the VDOMs.

Area for improvement - there is one big configuration file with no separations for the unique VDOMs. Maybe they could separate individual VDOM configuration files with the root VDOM configuration file referencing the individual VDOM config files.

Customer Service and Technical Support

Customer Service:

Customer service is great, an eight out of 10.

Technical Support:

I will give technical support an eight out of 10.

Previous Solutions

We previously used different solutions as well. We did not switch; we have different requirements for different customers.

Initial Setup

The user interface is relatively easy. The devices are easy to deploy and figure out if you have experience with other security appliances.

Implementation Team

It was an in-house installation.

ROI

The ROI is great. These boxes are not that expensive compared to what they can do, their functionality, and the reporting you receive.

Pricing, Setup Cost and Licensing

Fortinet licensing is straightforward and less confusing compared to Cisco. Fortinet has one or two license types, and the VPN numbers are only limited by the hardware chassis make.

Other Solutions Considered

I already have experience with Cisco ASA, so it was simply a customer preference and well within the budget.

Other Advice

Great appliances, and it is affordable.

Disclosure: I am a real user, and this review is based on my own experience and opinions.

4 Comments

Hi, have you configured next fw capabilities with https inspection in proxy mode?

22 February 17

Simon Chaba (Real User, Top 20 Leaderboard)

Hi, there is a table which lists FortiOS security profile features and shows whether they are available in flow-based or proxy-based inspection modes. You can access it at:

http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-whats-new-54/Top_ProxyFlowPerVDOM.htm

23 February 17

Becky (Community Mgr)

Hi Simon - can you explain why you chose Fortinet over other solutions that you have used in the past? What are some of the main benefits of Fortinet vs the others?

29 May 17

Simon Chaba (Real User, Top 20 Leaderboard)

Hi Becky. I chose FortiGate mainly because it provides the capabilities to provide logically separate firewall instances to multiple customers. These logical firewalls are known as VDOMs. I have partitioned the physical FW devices into multiple logical units, thus saving costs.

10 June 17