
Fortinet FortiGate Review
Virtual domains are treated as separate firewall instances.


Valuable Features:

You can create multiple virtual domains (VDOMs) which are treated as separate firewall instances. The reporting you get out of this appliance is excellent and you don't need an external management system.

Improvements to My Organization:

There is no need to buy physical firewall hardware when you are hosting multiple customers requiring individual secure access to their FW. You just create virtual domains (VDOMs).

Room for Improvement:

1. sFlow and Netflow

I could not configure sFlow from the FortiGate graphical user interface. I realized that sFlow configuration is available only from the CLI, only to discover that sFlow is not supported on virtual interfaces such as VDOM link, IPsec, or GRE.

NetFlow is a network protocol developed by Cisco for collecting IP traffic information and monitoring network traffic. I was just mentioning that it is not supported on FortiGate for those who have a NetFlow analyzer/collector already set up in their network.

2. Policies

To control traffic in a firewall, you need to create and apply policies to the FW interfaces. Policies are, by default, sorted by FW interfaces, and this makes FW interfaces an integral part of the policies. Zones provide the option to logically group multiple virtual and physical FortiGate firewall interfaces. You then apply security policies to those zones (logical groups of interfaces) to control traffic flow on those interfaces.

In a FortiGate unit with a lot of interfaces, including virtual interfaces, there's a high probability of having duplicate policies.


Use of Solution:

I have used it for two years.

Deployment Issues:

They are pretty much easy to deploy and figure out when you have experience with other security appliances. If you can configure a Cisco ASA, then it will be a walk in the park for you.

One issue which I had to get used to (and was a pain if you miss it) is that with FortiGate, you must have a firewall policy for all traffic passing between interfaces. With Cisco ASA, you only need a policy for traffic moving from lower to higher security-level interfaces.

Stability Issues:

These devices are very stable.

Scalability Issues:

They are easily scalable, with multiple built-in interfaces. It supports a minimum of 10 VDOMs. VDOM supports all dynamic routing protocols like RIP, OSPF, BGP, and IS-IS. You don't need to reboot after enabling VDOMs.

The issue I have is that there is one big configuration file, with no separation for the unique VDOMs; maybe they could separate the individual VDOM configuration files, with the root VDOM configuration file referencing the individual VDOM config files.

Customer Service:

Customer service is great, 8/10.

Technical Support:

I will give technical support 8/10.

Previous Solutions:

We previously used different solutions. We did not switch. There are different requirements for different customers.

Initial Setup:

The user interface is relatively easy. They are pretty much easy to deploy and figure out when you have experience with other security appliances.

Implementation Team:

It was an in-house installation.

ROI:

ROI is great. These boxes are not that expensive compared to what they can do and what functionality and reporting you get.

Pricing, Setup Cost and Licensing:

These boxes are not that expensive compared to what they can do and what functionality and reporting you get. Fortinet licensing is straightforward and less confusing compared to Cisco. Fortinet has 1 or 2 license types and VPN numbers are only limited by the hardware chassis make.

Other Solutions Considered:

I already have experience with Cisco ASA, so it was simply a customer preference and it was well within the budget.

Other Advice:

Great appliances and affordable.

Disclosure: I am a real user, and this review is based on my own experience and opinions.

4 Comments


Hi, have you configured next fw capabilities with https inspection in proxy mode?

22 February 17

Hi, there is a table which lists FortiOS security profile features and shows whether they are available in flow-based or proxy-based inspection modes. You can access it at:

http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-whats-new-54/Top_ProxyFlowPerVDOM.htm

23 February 17
Becky, Community Mgr

Hi Simon - can you explain why you chose Fortinet over other solutions that you have used in the past? What are some of the main benefits of Fortinet vs the others?

29 May 17

Hi Becky. I chose FortiGate mainly because it provides the capability to provide logically separate firewall instances to multiple customers. These logical firewalls are known as VDOMs. I have partitioned the physical FW devices into multiple logical units, thus saving costs.

10 June 17